Legal claims defining the scope of protection, as filed with the USPTO.
1. A communication terminal communicable with first and second servers through a network, comprising: a processor including a browser, a host controller, an operating system, and an authentication-management-application, wherein the browser is configured to reject an inter-process communication that is being executed, and start a child process by accepting, as an argument, an inter-process communication received from another application and permitted by exception, under conditions in which the operating system is restricted from adding a device driver, making an inter-process communication amongst applications of the communication terminal, and expanding the browser by a plug-in, wherein the operating system controls the host controller by calling one of a plurality of interfaces, including a certain interface that controls a sensor, and wherein the authentication-management-application exchanges data with the sensor that is coupled to the host controller through the certain interface of the operating system, and performs a process including requesting a user authentication by transmitting to the second server a user ID and matching data detected by the sensor, and acquiring a password transmitted from the second server in a case in which the user authentication is successful; relaying, between the first server and the second server, authentication data transmitted from the first server in response to requesting the first server to provide a service; first transmitting a user ID that is prepared in advance and the acquired password to the second server, in a case in which a screen that urges the user ID and the password to be input is received from the second server; and disconnecting a communication with the second server without redirecting an authentication response that includes information specifying the first server and is transmitted from the second server in a case in which a pair of the user ID and the password transmitted to the second server is stored in the second server and the user authentication is successful, and starting the child process of the browser by the argument based on the authentication response and transmitting the authentication response to the first server, to make a log-in to and receive the service from the first server.
2. The communication terminal as claimed in claim 1, wherein the authentication-management-application redirects the authentication data transmitted from the first server to the second server, and redirects authentication data transmitted from the second server to the first server.
3. The communication terminal as claimed in claim 1, wherein the authentication-management-application performs the process including acquiring a list of a plurality of first servers providing services; acquiring data detected by the sensor by controlling the sensor; urging a user to input a service name and the user ID; receiving the password by transmitting the user ID and the data detected by the sensor to the second server; making a service providing request with respect to a selected one of the plurality of first servers, according to information specifying the one of the plurality of first servers that is selected and forms a pair with the service name; redirecting the authentication data transmitted from the selected one of the plurality of first servers to the second server according to a redirect setting, and in a case in which the screen that urges the user ID and the password to be input is received from the second server, transmitting the user ID that is prepared in advance and the acquired password to the second server by the authentication-management-application without making a screen display according to the screen; second transmitting the user ID input in response to the urging and the password received by the receiving to the second server, with respect to a request for the user ID and the password transmitted from the second server; and connecting to the selected one of the plurality of first servers according to a server domain part within the authentication data, when the authentication data is first received after transmitting the user ID and the password by the second transmitting, and generating the child process of the browser to which an added authentication data part within the authentication data is transferred.
4. The communication terminal as claimed in claim 1, wherein the data detected by the sensor includes biometric data selected from a group consisting of fingerprint data, vein data, and iris data.
5. The communication terminal as claimed in claim 1, wherein the network includes the Internet, and the information specifying the first server includes a Uniform Resource Locator (URL).
6. The communication terminal as claimed in claim 1, wherein the authentication data includes authentication data in conformance with Security Assertion Markup Language 2.0 (SAML2).
7. The communication terminal as claimed in claim 1, wherein the data detected by the sensor includes data for authenticating an IC (Integrated Circuit) card or a USB (Universal Serial Bus) token belonging to the user.
8. A secure log-in method for a communication terminal communicable with first and second servers through a network, comprising: starting, by a browser of the communication terminal, configured to reject an inter-process communication that is being executed, a child process of the browser by accepting, as an argument, an inter-process communication received from another application and permitted by exception, under conditions in which an operating system of the communication terminal is restricted from adding a device driver, making an inter-process communication amongst applications of the communication terminal, and expanding the browser by a plug-in; calling one of a plurality of interfaces of an operating system that controls a host controller of the communication terminal, including a certain interface that controls a sensor, and exchanging data with the sensor that is coupled to the host controller through the certain interface of the operating system, by an authentication-management-application of the communication terminal; requesting a user authentication by transmitting to the second server a user ID and matching data detected by the sensor, by the authentication-management-application; transmitting a password from the second server to the communication terminal in a case in which the user authentication is successful; relaying, between the first server and the second server, authentication data transmitted from the first server in response to requesting the first server to provide a service, by the authentication-management-application; transmitting a user ID that is prepared in advance and the acquired password from the authentication-management-application to the second server, in a case in which a screen that urges the user ID and the password to be input is received from the second server; transmitting an authentication response that includes information specifying the first server, from the second server in a case in which a pair of the user ID and the password transmitted from the communication terminal is stored in the second server and the user authentication is successful; and disconnecting a communication with the second server without redirecting the authentication response, and starting the child process of the browser by the argument based on the authentication response and transmitting the authentication response to the first server, by the authentication-management-application, to make a log-in to and receive the service from the first server.
9. The secure log-in method as claimed in claim 8, wherein the authentication-management-application redirects the authentication data transmitted from the first server to the second server, and redirects authentication data transmitted from the second server to the first server.
10. The secure log-in method as claimed in claim 8, wherein the authentication-management-application performs a process including acquiring a list of a plurality of first servers providing services; acquiring data detected by the sensor by controlling the sensor; urging a user to input a service name and the user ID; receiving the password by transmitting the user ID and the data detected by the sensor to the second server; making a service providing request with respect to a selected one of the plurality of first servers, according to information specifying the one of the plurality of first servers that is selected and forms a pair with the service name; redirecting the authentication data transmitted from the selected one of the plurality of first servers to the second server according to a redirect setting, and in a case in which the screen that urges the user ID and the password to be input is received from the second server, transmitting the user ID that is prepared in advance and the acquired password to the second server by the authentication-management-application without making a screen display according to the screen; transmitting the user ID input in response to the urging and the password received by the receiving to the second server, with respect to a request for the user ID and the password transmitted from the second server; and connecting to the selected one of the plurality of first servers according to a server domain part within the authentication data, when the authentication data is first received after transmitting the user ID and the password by the transmitting the user ID input in response to the urging, and generating the child process of the browser to which an added authentication data part within the authentication data is transferred.
11. The secure log-in method as claimed in claim 8, wherein the data detected by the sensor includes biometric data selected from a group consisting of fingerprint data, vein data, and iris data.
12. The secure log-in method as claimed in claim 8, wherein the network includes the Internet, and the information specifying the first server includes a Uniform Resource Locator (URL).
13. The secure log-in method as claimed in claim 8, wherein the authentication data includes authentication data in conformance with Security Assertion Markup Language 2.0 (SAML2).
14. The secure log-in method as claimed in claim 8, wherein the data detected by the sensor includes data for authenticating an IC (Integrated Circuit) card or a USB (Universal Serial Bus) token belonging to the user.
15. A non-transitory computer-readable storage medium having stored therein a program for causing a processor of a communication terminal that is communicable with first and second servers through a network to execute a process comprising: starting, by a browser of the processor, configured to reject an inter-process communication that is being executed, a child process of the browser by accepting, as an argument, an inter-process communication received from another application and permitted by exception, under conditions in which an operating system of the processor is restricted from adding a device driver, making an inter-process communication amongst applications of the processor, and expanding the browser by a plug-in; and calling one of a plurality of interfaces of the operating system that controls a host controller of the processor, including a certain interface that controls a sensor, and exchanging data with the sensor that is coupled to the host controller through the certain interface of the operating system, by an authentication-management-application of the processor, wherein the authentication-management-application includes requesting a user authentication by transmitting to the second server a user ID and matching data detected by the sensor, and acquiring a password from the second server transmitted from the second server in a case in which the user authentication is successful; relaying, between the first server and the second server, authentication data transmitted from the first server in response to requesting the first server to provide a service; transmitting a user ID that is prepared in advance and the acquired password to the second server, in a case in which a screen that urges the user ID and the password to be input is received from the second server; and disconnecting a communication with the second server without redirecting an authentication response that includes information specifying the first server and is transmitted from the second server in a case in which a pair of the user ID and the password transmitted to the second server is stored in the second server and the user authentication is successful, and starting the child process of the browser by the argument based on the authentication response and transmitting the authentication response to the first server, to make a log-in to and receive the service from the first server.
16. The non-transitory computer-readable storage medium as claimed in claim 15, wherein the authentication-management-application redirects the authentication data transmitted from the first server to the second server, and redirects authentication data transmitted from the second server to the first server.
17. The non-transitory computer-readable storage medium as claimed in claim 15, wherein the authentication-management-application performs a process including acquiring a list of a plurality of first servers providing services; acquiring data detected by the sensor by controlling the sensor; urging a user to input a service name and the user ID; receiving the password by transmitting the user ID and the data detected by the sensor to the second server; making a service providing request with respect to a selected one of the plurality of first servers, according to information specifying the one of the plurality of first servers that is selected and forms a pair with the service name; redirecting the authentication data transmitted from the selected one of the plurality of first servers to the second server according to a redirect setting, and in a case in which the screen that urges the user ID and the password to be input is received from the second server, transmitting the user ID that is prepared in advance and the acquired password to the second server by the authentication-management-application without making a screen display according to the screen; transmitting the user ID input in response to the urging and the password received by the receiving to the second server, with respect to a request for the user ID and the password transmitted from the second server; and connecting to the selected one of the plurality of first servers according to a server domain part within the authentication data, when the authentication data is first received after transmitting the user ID and the password by the transmitting the user ID input in response to the urging, and generating the child process of the browser to which an added authentication data part within the authentication data is transferred.
18. The non-transitory computer-readable storage medium as claimed in claim 15, wherein the data detected by the sensor includes biometric data selected from a group consisting of fingerprint data, vein data, and iris data.
19. The non-transitory computer-readable storage medium as claimed in claim 15, wherein the network includes the Internet, and the information specifying the first server includes a Uniform Resource Locator (URL).
20. The non-transitory computer-readable storage medium as claimed in claim 15, wherein the authentication data includes authentication data in conformance with Security Assertion Markup Language 2.0 (SAML2).
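The log-in sequence recited in claims 1, 3, 8, 10, 15 and 17, as an added simulation that is not part of the patent and not code from any product it describes. Three roles are modelled in one process: the service provider (the "first server"), the identity provider (the "second server", which holds the enrolled sensor templates and the passwords), and the terminal's authentication-management-application, which relays the SP's authentication data to the IdP, auto-submits the prepared user ID and the password it obtained by biometric authentication when the IdP's log-in screen arrives, does not follow the IdP's redirect, and instead starts a browser child process with the response's server-domain part and authentication-data part as its argument. Everything concrete is an assumption for illustration: the SAML2 XML is replaced by a base64 JSON blob, the IdP's signature by an HMAC under a constructed shared key, the biometric matcher by an exact hash comparison, the `browser --post-saml-response` argument form and the `*.example` URLs are made up, and the SP-side checks (signature, destination, request ID) are what any SAML2 service provider must do rather than steps the claims recite.

```python
import base64, hashlib, hmac, json, secrets

# Constructed signing key shared by IdP and SP (assumption: a real IdP signs SAML2 responses with a
# private key and the SP verifies the public one; an HMAC keeps this example self-contained).
IDP_KEY = b"constructed-idp-signing-key"


def encode(obj) -> str:
    return base64.b64encode(json.dumps(obj, sort_keys=True).encode()).decode()


def sign(key: bytes, obj) -> str:
    return hmac.new(key, json.dumps(obj, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class ServiceProvider:
    """The 'first server': hands out authentication data, later consumes the response."""
    def __init__(self, acs_url: str, idp_key: bytes):
        self.acs_url, self.idp_key, self.pending = acs_url, idp_key, set()

    def request_service(self) -> dict:
        rid = "_" + secrets.token_hex(8)
        self.pending.add(rid)
        return {"type": "AuthnRequest", "id": rid, "acs_url": self.acs_url}

    def consume(self, saml_response: str) -> str:
        resp = json.loads(base64.b64decode(saml_response))
        assertion = resp["assertion"]
        if not hmac.compare_digest(sign(self.idp_key, assertion), resp["signature"]):
            raise PermissionError("response signature invalid")
        if assertion["destination"] != self.acs_url:
            raise PermissionError("response addressed to another server")
        if assertion["in_response_to"] not in self.pending:
            raise PermissionError("unsolicited or replayed response")
        self.pending.discard(assertion["in_response_to"])    # one response per request
        return f"service granted to {assertion['subject']}"


class IdentityProvider:
    """The 'second server': matches sensor data, returns the password, issues the response."""
    def __init__(self, key: bytes):
        self.key, self.templates, self.passwords, self.sessions = key, {}, {}, {}

    def enroll(self, user_id: str, sensor_data: bytes, password: str) -> None:
        self.templates[user_id] = hashlib.sha256(sensor_data).digest()  # toy matcher: exact hash
        self.passwords[user_id] = password

    def biometric_auth(self, user_id: str, sensor_data: bytes):
        """User ID plus matching data in; the stored password out on success, else None."""
        tmpl = self.templates.get(user_id)
        if tmpl is None or not hmac.compare_digest(tmpl, hashlib.sha256(sensor_data).digest()):
            return None
        return self.passwords[user_id]

    def receive_authn_request(self, req: dict) -> dict:
        sess = secrets.token_hex(8)
        self.sessions[sess] = req
        return {"type": "LoginForm", "session": sess}         # the screen urging ID/password input

    def login(self, sess: str, user_id: str, password: str) -> dict:
        req = self.sessions.pop(sess)                          # one attempt per screen
        if not hmac.compare_digest(self.passwords.get(user_id, "").encode(), password.encode()):
            raise PermissionError("user ID/password pair not stored")
        assertion = {"subject": user_id, "in_response_to": req["id"], "destination": req["acs_url"]}
        return {"type": "AuthnResponse",
                "redirect_to": req["acs_url"],                 # server-domain part
                "saml_response": encode({"assertion": assertion, "signature": sign(self.key, assertion)})}


def browser_child(argv: list, servers: dict) -> str:
    """Stand-in for the browser child process started with the response as its argument.
    Caveat: process arguments are readable by other local users (ps, /proc/<pid>/cmdline)."""
    if argv[:2] != ["browser", "--post-saml-response"]:
        raise ValueError("not the permitted exception argument")
    destination, saml_response = argv[2], argv[3]
    return servers[destination].consume(saml_response)


def terminal_login(user_id: str, sensor_data: bytes, sp: ServiceProvider, idp: IdentityProvider) -> str:
    """The authentication-management-application's side of the flow."""
    password = idp.biometric_auth(user_id, sensor_data)        # 1. sensor data -> password
    if password is None:
        raise PermissionError("biometric authentication failed")
    screen = idp.receive_authn_request(sp.request_service())   # 2+3. SP authn data relayed to IdP
    if screen["type"] != "LoginForm":
        raise RuntimeError("unexpected reply from second server")
    resp = idp.login(screen["session"], user_id, password)     # 4. auto-submit; screen never shown
    # 5. The IdP's redirect is not followed and the IdP connection ends here; both parts of the
    #    response go to a child browser as its argument instead.
    argv = ["browser", "--post-saml-response", resp["redirect_to"], resp["saml_response"]]
    return browser_child(argv, {sp.acs_url: sp})               # 6. child browser logs in to the SP


def demo() -> str:
    idp = IdentityProvider(IDP_KEY)
    idp.enroll("alice", b"constructed-fingerprint-sample", "s3cr3t-from-idp")
    return terminal_login("alice", b"constructed-fingerprint-sample",
                          ServiceProvider("https://sp.example/acs", IDP_KEY), idp)


def negative_checks() -> dict:
    """Failure modes worth testing: wrong biometric, replayed response, response for another SP."""
    idp = IdentityProvider(IDP_KEY)
    idp.enroll("alice", b"constructed-fingerprint-sample", "s3cr3t-from-idp")
    sp = ServiceProvider("https://sp.example/acs", IDP_KEY)
    other = ServiceProvider("https://other.example/acs", IDP_KEY)
    out = {"wrong_sensor": idp.biometric_auth("alice", b"someone-else") is None}
    resp = idp.login(idp.receive_authn_request(sp.request_service())["session"], "alice", "s3cr3t-from-idp")
    sp.consume(resp["saml_response"])                          # first delivery is accepted
    for name, target in (("replay", sp), ("wrong_sp", other)):
        try:
            target.consume(resp["saml_response"])
            out[name] = False
        except PermissionError:
            out[name] = True
    return out
```

`demo()` walks the happy path; `negative_checks()` exercises the three rejections a reviewer would want to see. Two points the claims leave open and a practitioner should weigh: the password the IdP returns after biometric matching is a reusable bearer credential held by the terminal application, so its storage and lifetime on the terminal matter as much as the biometric step; and handing the authentication response to the child browser as a process argument keeps it out of the IdP-to-browser redirect but exposes it in the process table, so a real deployment needs the OS restrictions claim 1 recites (no extra drivers, no inter-application IPC, no plug-ins) to actually hold on that terminal.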
Unknown
October 25, 2016